After one-third of North Dakota schools get hacked by foreign entities, state superintendent addresses attack with cyber security standards

Hackers from as far away as North Korea were part of malware attacks that affected one third of North Dakota schools in February 2018. Reuters / Kacper Pempel / File

BISMARCK — The North Dakota Information Technology Department said there were malware attacks on one-third of North Dakota schools in February 2018. The hackers behind the attacks were from different international locations including North Korea and the malware was downloaded from multiple access points.

According to ITD's Director of Security Sean Wiese, hackers used DoublePulsar malware that easily gives "bad actors" the ability to infiltrate other systems.

Wiese says this malware can infect a computer if a user simply clicks on something they weren't supposed to click on.

"The most common attacks are through phishing — it takes you clicking on something you shouldn't have," he said. "The attackers are tricky and everyone is susceptible."

According to Wiese, it took 30 to 45 days for the malware to be completely eradicated from their STAGEnet system, a network all North Dakota state employees use. While no information was lost, North Dakota State Superintendent Kirsten Baesler says it sparks a greater drive to combat hacking issues.

"Shawn Riley, chief information officer at ITD, and his team informed me that this had occurred, the breach was contained and sealed, no data was lost," Baesler said. "I was very pleased to know there was no damage, but it was an opportunity for Sean and I and the state (to talk) about what we need to do to make sure these breaches don't happen, and make sure we aren't an entry point for further attacks."

Malware that enter systems like STAGEnet have the potential to infect more confidential state departments like the treasury, Department of Agriculture and more. There are 252,000 users that have access to STAGEnet in North Dakota, and the school computers are just an entry point to what could be much more confidential information.

"This event is not the exception, these are now occurring more frequently and they are getting more skilled through getting past the firewall," Baesler said. "We have 450-plus school buildings, it's not realistic to to think we can build a strong enough firewall to sustain this. K-12 committed to working with the technological department so that we may not be the entry point."

Wiese says coordination between cybersecurity departments and the K-12 system is the most crucial part in addressing such a dire situation.

"We're trying to align our security initiatives with the K-12 arena. We want to be on the same page, creating a singular approach to cyber security so we react the same way when things like this happen," he said.

Wiese added that they are "working as a trifecta of cyber experts, technological tools and our K-12 staff."

The trifecta Wiese mentions is backed up by Baesler with a coalition comprised of cyber professionals, new protective technologies and the teacher licensing board.

The K-20W Coalition will create a set of standards and train teachers to educate students K-12 about cyber security, coding and computer science every year.

"We formed this statewide coalition to talk about cybersecurity and computer science. (We're) using the three-pronged approach so every student has access and exposure to computer security standards," Baesler said.